Quote:
Originally Posted by knc1
Note: These are BusyBox based systems - which may or may not have the for-real iptables command installed rather than using the BusyBox version. You really need to check which version (BusyBox minimum implementation or Real, full implementation).
|
The iptables command identifies itself as "iptables v1.3.8". Looks like the real, although slightly oldish, deal.
Quote:
Originally Posted by knc1
The ruleset for iptables is a declarative programming language -
Never, ever, quote only a sub-set of the commands present.
The above quote is either (incorrectly) hand-written or only a sub-set of the commands present.
|
If you'd read my posting attentively enough, you would have seen that I said to insert the rules into /etc/sysconfig/iptables. This file is used as input for iptables-restore when the network is started.
Quote:
Originally Posted by knc1
A Kindle may have at least three interface devices - 3G, Wifi, and USBnet.
When you include an interface name in a rule, it applies to only that interface.
|
It was intentional to only use the wlan0 interface because you don't need to restrict the usbnet interface. If you've got access to a computer that can connect to the internet, you don't need the Kindle connected via a USB cable.
But I actually forgot the 3G interface. I always forget that one, because I don't have a KT with 3G and IMO it's more useful to Amazon than to the user.
Quote:
Originally Posted by knc1
As the O.P. points out, the above snippet was never tried (because it can not possibly work as described/intended).
|
No, it wasn't tried out because I wasn't on a Wi-Fi network from which I could ssh into my Kindle to test it.
Quote:
Originally Posted by knc1
In addition to only being applied to one of the three network interfaces, as written above - - -
It will probably be only minutes (or a few days) before some crafty kid learns how to rename an interface so that it no longer matches any of the interface names mentioned in this snippet.
|
Which would be a cool thing to do for any kid. You can't completely lock down a device like the Kindle so it is impossible to access the internet. The only way would be to not give the device to the user in the first place. You can only make it harder. As soon as somebody has the device in his or her hands, they can do quite a lot with it to customize ... but we already know this, after all we're here in Kindle Developer's Corner.
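Added example, not part of the original post or the thread's ruleset: a small audit over a file in the format iptables-restore reads, showing why rules bound to one interface leave every other interface name on the chain's default policy, and how a default-deny policy removes that dependence. The rulesets are constructed, and `ppp0` and `usb0` are assumed names for the 3G and USBnet interfaces.

```python
import shlex

# Constructed rulesets in iptables-save format, not the rules from the thread.
# ppp0 and usb0 are assumed names for the 3G and USBnet interfaces.
PER_INTERFACE = """*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o wlan0 -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -o wlan0 -j DROP
COMMIT
"""
DEFAULT_DENY = """*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wlan0 -d 192.168.1.0/24 -j ACCEPT
COMMIT
"""

def parse_filter(text):
    """Return (policies, rules); a rule is unconditional only if -o is its sole match."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            policies[line[1:].split()[0]] = line.split()[1]
        elif table == "filter" and line.startswith("-A "):
            chain, *opts = shlex.split(line)[1:]
            j = next((k for k, o in enumerate(opts) if o in ("-j", "--jump")), len(opts))
            target = opts[j + 1] if j + 1 < len(opts) else None
            matches, iface = opts[:j], None  # tokens after the target are target options
            if len(matches) == 2 and matches[0] in ("-o", "--out-interface"):
                iface, matches = matches[1], []
            rules.append((chain, iface, target, matches))
    return policies, rules

def default_open(text, interfaces, chain="OUTPUT"):
    """Interfaces whose traffic is accepted when no conditional rule matches it."""
    policies, rules = parse_filter(text)
    result = []
    for name in interfaces:
        verdict = policies.get(chain, "ACCEPT")
        for c, iface, target, matches in rules:  # first unconditional match decides
            hit = iface in (None, name) or (iface.endswith("+") and name.startswith(iface[:-1]))
            if c == chain and not matches and hit and target in ("ACCEPT", "DROP", "REJECT"):
                verdict = target
                break
        if verdict == "ACCEPT":
            result.append(name)
    return result
```

Rules with any match besides a plain `-o` (including negated interfaces) are treated as conditional, so the audit errs toward reporting an interface as open.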